This alert is even simpler than the bruteforce check.
Microsoft stores successful Windows updates with the event ID 43, 44 or 19. All we need to do is create a filter for all other IDs.

Updates are stored in Winlogbeat in the winlogbeat_winlog_event_data_updateTitle field.

The search input is done on the Winlogbeat input as source:

_exists_:winlogbeat_winlog_event_data_updateTitle AND NOT (winlogbeat_event_code:43 OR winlogbeat_event_code:44 OR  winlogbeat_event_code:19)

Go to alerts and create  a new event.

Create a filter using the input from above:

Add fields for alert output:

Edit the notification channels as desired (you are free to choose whether you want to be alerted by email or otherwise). Your summary should look like this: